Manager, Technology Risk and Controls

About The Position

Requirements

• Progressive experience in technology risk management for at least 3 years, primarily on automated controls testing and GRC engineering
• Advanced knowledge of relevant regulatory requirements and standards, including COBIT, ISO 27001/ 27017, SOC 2, SWIFT and other IT frameworks
• Experience in project management
• Experience with coaching and leading a team
• Technology Risk & Controls Management
• ATCTM & Continuous Assurance
• GRC Platforms (ServiceNow IRM)
• Policy‑as‑Code / Compliance‑as‑Code
• Cyber & IT Control Domains
• Results Orientation – Delivers measurable reductions in manual testing and audit effort
• Analytical Thinking – Engineers practical solutions to complex risk problems
• Accountability – Owns outcomes and control effectiveness end‑to‑end
• Collaboration & Influence – Partners effectively across Technology, Security, Risk, and Audit
• Change Leadership – Drives adoption of modern, automated assurance practices

Nice To Haves

• CISA, CRISC or other relevant designation (i.e., CISM) is a strong asset

Responsibilities

• Manage the design and implementation of automated technology risk and control frameworks aligned to regulatory, audit, and enterprise risk expectations.
• Translate IT and cyber risk requirements into preventive, detective, and corrective control logic.
• Oversee the implementation of continuous controls monitoring (CCM) and automated testing capabilities.
• Manage execution of ATCTM use cases, reducing reliance on manual and sample‑based testing.
• Define control test logic, success criteria, thresholds, and exceptions.
• Ensure controls are repeatable, scalable, and audit‑defensible.
• Convert policies and operating standards into machine‑enforceable rules.
• Enable compliance checks within CI/CD pipelines, infrastructure configuration, and security tooling.
• Maintain end‑to‑end traceability from policy → control → automated test → evidence.
• Optimize configuration of ServiceNow IRM based on end-to-end technology risk management process.
• Lead integration of GRC platforms with ATCTM tool.
• Ensure data quality, control consistency, and reporting accuracy across systems.
• Support internal and external audits by providing automated, timely, and defensible evidence.
• Act as a key technical point of contact for audit, risk, and regulatory stakeholders.
• Drive control remediation and continuous improvement initiatives.

Benefits

• Opportunities for career advancement, access to industry-leading learning programs and up to $2,000 annually towards education reimbursement.
• Flexible health and dental benefits, plus a $5,000 mental health benefit to support your well-being.
• In addition to regular vacation and personal days, we support community involvement with a volunteer day.
• Company-matching pension plan, share ownership program and additional investment options.
• Employee recognition programs, service milestone celebrations, employee discounts and more!
• We provide a workplace where employees feel connected and supported through Employee Resource Groups (ERGs), mentorship programs, social clubs and events.